6 Replies Latest reply: Mar 19, 2013 8:39 AM by SWRobinson
rareapple Level 1 (0 points)
Hi All
Anyone out there actually extended their AD schema? Or are using Centrify?
I wanted to find out your experience, in either and if Centrify needs to have a client application installed on the machine for it to run.
Any feedback is really appreciated.

iMac / MacPro/ MacBook Pro / MacBook / OS X Server, Mac OS X (10.6.6), Experience with Active Directory OUs/GPOs, Windows 2003/XP
  • Jarek Bingo MacGee Level 1 (5 points)
    Centrify is OK if you are looking to integrate some Macs along with a lot of Linux or Unix machines, but really doesn't do anything more than Apple's built-in AD. Quest and Likewise are the same, basically using Apple's AD plugin, and relying on the Mac OS to support certain features.

    The biggest problem with them - in my opinion - is that you have to install stuff on your server. When I was migrating, I didn't want to change my AD at all, just bring my Macs into the fold.

    I use (and suggest to my clients) ADmitMac from Thursby, a replacement of both the Active Directory plugin and the SMB client. It's client side, so nothing has to be installed or changed on the DCs, and is the only client that I've found that supports DFS.

    ... and every time I've had to call support, I've talked to a live person.

    Just my $.02.
  • tizz23 Level 1 (0 points)
    Centrify is an agent based technology, so yes you would install an agent on the Mac workstation. They are extending Kerberos out to the Mac which is how the authentication method is achieved. From a management perspective, you would install an MMC snap-in on the window admin console to administer controls via AD users & computers. The nice thing about their product is that there is no extension of the AD schema(labor intensive) and you don't have any additional software to install on your domain controllers.

    I know that they are the leader in this space... check out their product focused on the Macs: http://www.centrify.com/solutions/mac-os-desktop-management.asp
  • Rperin Level 1 (0 points)
    Apple's own white paper on AD mentions Centrify, Likewise and Thursby as solutions



    Which is the leader? Oldest? Most installs? Most ad spending?
  • Centrify_Keith Level 1 (0 points)
    tizz23 was right on with his description of Centrify functionality. You can try out our free product, Centrify Express, here:


    On those pages you'll be able to find out all about Centrify Express and download it.

    If you want to know more about our software you'll find all kinds of information about it as well as demo and instructional videos to show you how it all works.

    -Keith Moreau
    Centrify Project Manager
  • Yvo van Doorn Level 2 (245 points)
    Always find it odd to see three posts recommending a specific solution and having a post count of one. I am not going to make this an us versus them argument but I do work for Likewise and have been a long time apple user. OS X does provide it's own solution but it doesn't scale well in large situations, in part because Apple doesn't spend a lot of focus in this area and another because it uses an older version from a solution called Samba. In any case a lot of folks want something else. 

    All three solutions in Apple's doc takes care of the problem - which is integrating OS X with AD. All three bring different technologies to the table. Likewise Open, the open source solution does base authentication well. Likewise Enterprisr specifically can use Workgroup Manager and store policies in AD without modifying the schema or requiring OD. It is our unique offering allowing Mac admins be Mac admins without having to convince your AD guys to do something funny. 

    In summary - all solutions offer more functionality than Apples plugin but I'm not going to convince to go Likewise - I  instead encourage you to try the solutions you think will work best for you and your environment. 


    Yvo van Doorn
  • SWRobinson Level 1 (0 points)

    I am not a Network guru, but I am managing a new implementation of Network, and GP for our company of 35 people.  We are primiarily a Mac shop, but also use VMWare for Windows on most of our Macs, and also have several Windows machines, and we use SQL.


    The one thing we discovered with Centrify for Mac is that it doesn't have all the same features as the Windows version does.  (Specifically, you can't open a helpdesk ticket directly from the App in Mac, but you can in the Windows version).  Our Mac users have to submit helpdesk support tickets through the URL instead.  Inconvenient, but not a show-stopper.


    The bigger issue we are having is as we migrate Macs into the GP for the first time, the Centrify App installs a new Mac Profile on the users machine.  A user who already has a user profile on his/her Mac with all of her preferences, etc, has to re-do everything in the new profile.  Very inconvenient.  We haven't yet found a work-around for this.